Full Disclosure mailing list archives
Exploitation of unused IPv6-capabilities
From: "Lukas Th. Hey" <hey () cmkr nl>
Date: Sun, 18 Jan 2009 22:17:44 +0100
Hi folks, while playing around I had an idea for some "new kind of mitm" which works quite well here. Affected: All operating systems with unused IPv6 capabilities listening to router advertisements (radvd for example) Attack: Have an IPv6 tunnel with appropriate prefix delegated. Configure your machine to propagate the prefix and switch on IPv6 routing. As soon as the "victim" has an IPv6 address issued by your radvd it will prefer AAAA-entries over A-entries and connect via your tunnel where you're waiting with a password sniffer of your choice ;). This works in any computing center where you have colo'ed you box, have a dedicated system or...simply physical access. During my proof-of-concept I was able to intercept SMTP, HTTP and DNS sessions. It should also work in LANs (lanparties, corporations). The "danger" of misled connections will dramatically increase with the increasing amount of ISPs also offering services usable via IPv6. Advisory: Turn off your sever's/client's entire IPv6 capability or at least the capability to catch up router advertisement messages I hope you find the contents of my mail useful, entertaining or at least noch entirely shitty. Night! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities A . L . M . Buxey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities Valdis . Kletnieks (Jan 19)
- Re: Exploitation of unused IPv6-capabilities TJ (Jan 25)
- Re: Exploitation of unused IPv6-capabilities Sebastian Krahmer (Jan 20)
- Re: Exploitation of unused IPv6-capabilities Florian Weimer (Jan 20)
- Re: Exploitation of unused IPv6-capabilities A . L . M . Buxey (Jan 18)